Are health care records still a target for computer hackers? Absolutely, feds say


For health care cybersecurity, the rest of 2023 likely will bring more of the same: phishing, ransomware, and online attacks, according to government analysts.

The Health Sector Cybersecurity Coordination Center (HC3) is the online protection wing of the U.S. Department of Health and Human Services. The title of its latest threat brief states the situation plainly: “Electronic Medical Records Still a Top Target for Cyber Threat Actors.”

The 68-page document summarizes the benefits of using electronic medical records (EMR) and electronic health records (EHR). It also explains why vulnerabilities are harmful to patient privacy and providers’ pocketbooks: The average cost of a health care data breach hit $10.1 million in 2022, according to IBM’s “Cost of a Data Breach Report 2022.” Costs can include money paid to hackers, needed computer network repairs, and government-imposed penalties for violating patient privacy laws.

Examples include eight cyber attacks that happened Feb. 28 to March 20 at health systems in California, Indiana, Michigan, New York, Virginia, and Georgia. HC3 cited data from Becker’s Hospital Review.

據政府分析師稱,對於醫療保健網絡安全,2023 年剩餘時間可能會出現更多類似情況:網絡釣魚、勒索軟件和在線攻擊。

衛生部門網絡安全協調中心 (HC3) 是美國衛生與公眾服務部的在線保護部門。其最新威脅簡報的標題清楚地說明了情況:“電子病歷仍然是網絡威脅參與者的首要目標。”

這份長達 68 頁的文件總結了使用電子病歷 (EMR) 和電子健康記錄 (EHR) 的好處。它還解釋了為什麼漏洞對患者隱私和提供商的錢包有害:根據 IBM 的“2022 年數據洩露成本報告”,2022 年醫療保健數據洩露的平均成本達到 1010 萬美元。成本可能包括支付給黑客的錢、所需的計算機網絡維修以及政府因違反患者隱私法而施加的處罰。

示例包括 2 月 28 日至 3 月 20 日發生在加利福尼亞、印第安納、密歇根、紐約、弗吉尼亞和佐治亞州衛生系統的八次網絡攻擊。HC3 引用了 Becker's Hospital Review 的數據。